SuSE9 Security Update : telnet (YOU Patch Number 10238)

High Nessus Plugin ID 41074


The remote SuSE 9 host is missing a security-related patch.


The telnet client protocol can be abused by a malicious server to read the environment of the client site. The information can be used as preparation for further attacks. This bug can also be exploited by using the telnet:// URL on a web-site and letting the web-browser fork a telnet client. This bug was reported by iDEFENSE [IDEF0865].

Note that this patch changes the behaviour of the telnet client regarding the rule of exported environment variables. Please consult the man page for further details.


Apply YOU patch number 10238.

Plugin Details

Severity: High

ID: 41074

File Name: suse9_10238.nasl

Version: $Revision: 1.4 $

Type: local

Agent: unix

Published: 2009/09/24

Modified: 2012/04/23

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2005/06/10